Resilience:
critical business functions and the supporting infrastructure are designed and engineered in such a way that they are materially unaffected by most disruptions, for example through the use of redundancy and spare capacity,

Recovery:
arrangements are made to recover or restore critical and less critical business functions that fail for some reason.

Contingency:
the organization establishes a generalized capability and readiness to cope effectively with whatever major incidents and disasters occur, including those that were not, and perhaps could not, have been foreseen. Contingency preparations constitute a last-resort response if resilience and recovery arrangements should prove inadequate in practice.